feat(client-secrets-manager): Added owning service filter, include pl…

…anned deletion flag, and next rotation date response parameter in ListSecrets.

clients/client-secrets-manager/README.md

@@ -18,8 +18,6 @@ service, see the <a href="https://docs.aws.amazon.com/secretsmanager/latest/user
 <b>API Version</b>
 </p>
 <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
-<p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
-endpoints</a>.</p>
 <p>
 <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
 </p>

clients/client-secrets-manager/src/SecretsManager.ts

@@ -114,8 +114,6 @@ import { SecretsManagerClient } from "./SecretsManagerClient";
  *             <b>API Version</b>
  *          </p>
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
- *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>
@@ -191,9 +189,6 @@ export class SecretsManager extends SecretsManagerClient {
    *       includes the connection information to access a database or other service, which Secrets Manager
    *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
    *       important information needed to manage the secret.</p>
-   *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
-   *
-   *     </p>
    *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
    *          <p>To create a secret, you can provide the secret value to be encrypted in either the
    *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.
@@ -819,13 +814,31 @@ export class SecretsManager extends SecretsManagerClient {
   }
 
   /**
-   * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
-   *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
+   * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
+   *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
+   *          <p>If you include the
+   *       configuration parameters, the operation sets the values for the secret and then immediately
+   *       starts a rotation. If you don't include the configuration parameters, the operation starts a
+   *       rotation with the values already stored in the secret. </p>
+   *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
+   *       make sure the secret value is in the
+   *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
+   *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
+   *       secret.</p>
+   *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
+   *       for the rotation. The Lambda rotation function creates a new
+   *       version of the secret and creates or updates the credentials on the database or service to
+   *       match. After testing the new credentials, the function marks the new secret version with the staging
+   *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
+   *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
+   *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
+   *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
    *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
    *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
    *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
    *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
-   *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+   *       assumes that a previous rotation request is still in progress and returns an error.</p>
+   *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
    *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
    *          <p>
    *             <b>Required permissions: </b>
@@ -1018,7 +1031,6 @@ export class SecretsManager extends SecretsManagerClient {
   /**
    * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
    *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
-   *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
    *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
    *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
    *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not

clients/client-secrets-manager/src/SecretsManagerClient.ts

@@ -304,8 +304,6 @@ export interface SecretsManagerClientResolvedConfig extends SecretsManagerClient
  *             <b>API Version</b>
  *          </p>
  *          <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p>
- *          <p>For a list of endpoints, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/asm_access.html#endpoints">Amazon Web Services Secrets Manager
- *       endpoints</a>.</p>
  *          <p>
  *             <b>Support and Feedback for Amazon Web Services Secrets Manager</b>
  *          </p>

clients/client-secrets-manager/src/commands/CreateSecretCommand.ts

@@ -35,9 +35,6 @@ export interface CreateSecretCommandOutput extends CreateSecretResponse, __Metad
  *       includes the connection information to access a database or other service, which Secrets Manager
  *       doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the
  *       important information needed to manage the secret.</p>
- *          <p>For secrets that use <i>managed rotation</i>, you need to create the secret through the managing service. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.
- *
- *     </p>
  *          <p>For information about creating a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html">Create a secret</a>.</p>
  *          <p>To create a secret, you can provide the secret value to be encrypted in either the
  *       <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both.

clients/client-secrets-manager/src/commands/RotateSecretCommand.ts

@@ -29,13 +29,31 @@ export interface RotateSecretCommandInput extends RotateSecretRequest {}
 export interface RotateSecretCommandOutput extends RotateSecretResponse, __MetadataBearer {}
 
 /**
- * <p>Configures and starts the asynchronous process of rotating the secret. For information about rotation,
- *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a> in the <i>Secrets Manager User Guide</i>. If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. </p>
+ * <p>Configures and starts the asynchronous process of rotating the secret. For more information about rotation,
+ *       see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html">Rotate secrets</a>.</p>
+ *          <p>If you include the
+ *       configuration parameters, the operation sets the values for the secret and then immediately
+ *       starts a rotation. If you don't include the configuration parameters, the operation starts a
+ *       rotation with the values already stored in the secret. </p>
+ *          <p>For database credentials you want to rotate, for Secrets Manager to be able to rotate the secret, you must
+ *       make sure the secret value is in the
+ *         <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html"> JSON structure
+ *         of a database secret</a>. In particular, if you want to use the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users"> alternating users strategy</a>, your secret must contain the ARN of a superuser
+ *       secret.</p>
+ *          <p>To configure rotation, you also need the ARN of an Amazon Web Services Lambda function and the schedule
+ *       for the rotation. The Lambda rotation function creates a new
+ *       version of the secret and creates or updates the credentials on the database or service to
+ *       match. After testing the new credentials, the function marks the new secret version with the staging
+ *       label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more
+ *       information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
+ *          <p>You can create the Lambda rotation function based on the <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html">rotation function templates</a> that Secrets Manager provides. Choose
+ *       a template that matches your <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html">Rotation strategy</a>.</p>
  *          <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached
  *       to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any
  *       version. If the <code>AWSPENDING</code> staging label is present but not attached to the same
  *       version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code>
- *       assumes that a previous rotation request is still in progress and returns an error. When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+ *       assumes that a previous rotation request is still in progress and returns an error.</p>
+ *          <p>When rotation is unsuccessful, the <code>AWSPENDING</code> staging label might be attached to an empty secret version. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot_rotation.html">Troubleshoot rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
  *          <p>Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html">Logging Secrets Manager events with CloudTrail</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>

clients/client-secrets-manager/src/commands/UpdateSecretCommand.ts

@@ -31,7 +31,6 @@ export interface UpdateSecretCommandOutput extends UpdateSecretResponse, __Metad
 /**
  * <p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p>
  *          <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p>
- *          <p>To change a secret so that it is managed by another service, you need to recreate the secret in that service. See <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html">Secrets Manager secrets managed by other Amazon Web Services services</a>.</p>
  *          <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than
  *       once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version
  *       of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not

clients/client-secrets-manager/src/models/models_0.ts

@@ -715,6 +715,7 @@ export interface DescribeSecretResponse {
    */
   DeletedDate?: Date;
 
+  NextRotationDate?: Date;
   /**
    * <p>The list of tags attached to the secret. To add tags to a
    *       secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>
@@ -789,6 +790,7 @@ export enum FilterNameStringType {
   all = "all",
   description = "description",
   name = "name",
+  owning_service = "owning-service",
   primary_region = "primary-region",
   tag_key = "tag-key",
   tag_value = "tag-value",
@@ -1025,6 +1027,7 @@ export enum SortOrderType {
 }
 
 export interface ListSecretsRequest {
+  IncludePlannedDeletion?: boolean;
   /**
    * <p>The number of results to include in the response.</p>
    *          <p>If there are more results available, in the response, Secrets Manager includes <code>NextToken</code>.
@@ -1124,6 +1127,7 @@ export interface SecretListEntry {
    */
   DeletedDate?: Date;
 
+  NextRotationDate?: Date;
   /**
    * <p>The list of user-defined tags associated with the secret. To add tags to a
    *       secret, use <a href="https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html">
@@ -1518,8 +1522,7 @@ export interface RotateSecretRequest {
   ClientRequestToken?: string;
 
   /**
-   * <p>For secrets that use a Lambda rotation function to rotate, the ARN of the Lambda rotation function. </p>
-   *          <p>For secrets that use <i>managed rotation</i>, omit this field. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_managed.html">Managed rotation</a> in the <i>Secrets Manager User Guide</i>.</p>
+   * <p>The ARN of the Lambda rotation function that can rotate the secret.</p>
    */
   RotationLambdaARN?: string;
 
@@ -1531,7 +1534,7 @@ export interface RotateSecretRequest {
   /**
    * <p>Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window.
    *     The rotation schedule is defined in <a>RotateSecretRequest$RotationRules</a>.</p>
-   *          <p>For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
+   *          <p>If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the
    *     <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">
    *                <code>testSecret</code>
    *       step</a> of the Lambda rotation function. The test creates an <code>AWSPENDING</code> version of the secret and then removes it.</p>

clients/client-secrets-manager/src/protocols/Aws_json1_1.ts

@@ -1834,6 +1834,7 @@ const serializeAws_json1_1GetSecretValueRequest = (input: GetSecretValueRequest,
 const serializeAws_json1_1ListSecretsRequest = (input: ListSecretsRequest, context: __SerdeContext): any => {
   return {
     ...(input.Filters != null && { Filters: serializeAws_json1_1FiltersListType(input.Filters, context) }),
+    ...(input.IncludePlannedDeletion != null && { IncludePlannedDeletion: input.IncludePlannedDeletion }),
     ...(input.MaxResults != null && { MaxResults: input.MaxResults }),
     ...(input.NextToken != null && { NextToken: input.NextToken }),
     ...(input.SortOrder != null && { SortOrder: input.SortOrder }),
@@ -2106,6 +2107,10 @@ const deserializeAws_json1_1DescribeSecretResponse = (output: any, context: __Se
         ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastRotatedDate)))
         : undefined,
     Name: __expectString(output.Name),
+    NextRotationDate:
+      output.NextRotationDate != null
+        ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.NextRotationDate)))
+        : undefined,
     OwningService: __expectString(output.OwningService),
     PrimaryRegion: __expectString(output.PrimaryRegion),
     ReplicationStatus:
@@ -2407,6 +2412,10 @@ const deserializeAws_json1_1SecretListEntry = (output: any, context: __SerdeCont
         ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastRotatedDate)))
         : undefined,
     Name: __expectString(output.Name),
+    NextRotationDate:
+      output.NextRotationDate != null
+        ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.NextRotationDate)))
+        : undefined,
     OwningService: __expectString(output.OwningService),
     PrimaryRegion: __expectString(output.PrimaryRegion),
     RotationEnabled: __expectBoolean(output.RotationEnabled),